On February 15, the White House issued a Presidential Memorandum setting out rules to safeguard privacy, civil rights and civil liberties in the domestic use of Unmanned Aircraft Systems (“UAS”), sometimes referred to as UAVs or drones. In addition to privacy safeguards, the Memorandum also establishes a multi-stakeholder engagement process, including stakeholders from the private sector, to develop and communicate best practices for privacy, accountability and transparency issues that arise in the use of UAS. In a coordinated move, the Federal Aviation Administration (“FAA”) released its long-awaited Notice of Proposed Rulemaking for the commercial use of small UAS.
The Presidential Memorandum is the latest in a series of activities by lawmakers to address privacy concerns associated with UAS. In December 2014, Sen. Jay Rockefeller (D-WV) released his proposed Unmanned Aircraft Systems Privacy Act of 2014, which would establish rules on data collection and use by UAS operators. Additionally, in the last two years, several states, including Alaska, Illinois, Indiana, Iowa, Louisiana, North Carolina, Tennessee, Utah and Wisconsin, have enacted privacy laws that impact commercial and private use of UAS. Another 35 states have considered bills and resolutions aimed at regulating UAS. This year, California and Florida have proposed legislation meant to address the use of UAS to capture images of individuals.
The Presidential Memorandum instructs agencies that collect information through UAS in the National Airspace System (“NAS”) to establish procedures that incorporate the following requirements: (1) Collection and Use: Agencies shall only collect information using UAS, or use UAS-collected information, to the extent that such collection or use is consistent with and relevant to an authorized purpose; (2) Retention: Information collected using UAS that may contain personally identifiable information shall not be retained for more than 180 days unless retention of the information is determined to be necessary to an authorized mission of the retaining agency, is maintained in a system of records covered by the Privacy Act of 1974 or is required to be retained for a longer period by any other applicable law or regulation; (3) Dissemination: UAS-collected information that is not maintained in a system of records covered by the Privacy Act shall not be disseminated outside of the agency unless dissemination is required by law or fulfills an authorized purpose and complies with agency requirements. These guidelines largely address the issues raised by Sen. Rockefeller’s proposed Unmanned Aircraft Systems Privacy Act of 2014.
The Presidential Memorandum notes that UAS are “a potentially transformative technology” that could affect “diverse fields such as agriculture, law enforcement, coastal security, military training, search and rescue, first responder medical support, critical infrastructure inspection, and many others.” Therefore, government agencies operating in these areas are likely to be affected by these guidelines. The Presidential Memorandum directs the Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) to initiate by mid-May the multi-stakeholder engagement process with other interested agencies. The process will include stakeholders from the private sector. The NTIA has conducted similar multi-stakeholder privacy initiatives regarding mobile application transparency and facial recognition technology. The mobile application transparency process lasted over 12 months and included stakeholders such as the American Civil Liberties Union and Verizon. The process resulted in a code of conduct that enhances transparency in how companies providing applications and interactive services for mobile devices handle personal data. Commentators believe that NTIA’s UAS work likely will follow the format and pace of the mobile application transparency process. The facial recognition technology multi-stakeholder process is ongoing.